[GitHub] [iceberg] Fokko commented on a diff in pull request #7376: Python: Provide version ranges for each dependency

via GitHub Mon, 24 Apr 2023 05:50:24 -0700


Fokko commented on code in PR #7376:
URL: https://github.com/apache/iceberg/pull/7376#discussion_r1175195612



##########
python/pyproject.toml:
##########
@@ -43,25 +43,24 @@ include = [{ path = "dev", format = "sdist" }]
 
 [tool.poetry.dependencies]
 python = "^3.8"
-mmhash3 = "3.0.1"
-requests = ">=2.28.1,<=2.28.2"
-click = "8.1.3"
-rich = ">=13.0.0,<=13.3.4"
-pyyaml = ">=5.4.0,<=6.0.0"
-pydantic = "1.10.7"
-fsspec = ">=2022.8.2,<=2023.3.0"
-pyparsing = "3.0.9"
-zstandard = "0.20.0"
-pyarrow = { version = ">=8.0.0,<=11.0.0", optional = true }
-pandas = { version = ">=1.4.4,<=1.5.3", optional = true }
-duckdb = { version = ">=0.6.0,<=0.7.1", optional = true }
-ray = { version = ">=2.0.0,<=2.3.1", optional = true }
-python-snappy = { version = "0.6.1", optional = true }
-thrift = { version = "0.16.0", optional = true }
-boto3 = { version = "1.24.59", optional = true }
-# The versions of the fsspec implementations should run in sync with fsspec 
above
-s3fs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
-adlfs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
+mmhash3 = "^3"
+requests = "^2.20"
+click = ">=7.1.1,<9.0.0"
+rich = ">=10.11.0,<14.0.0"
+pyyaml = "^5.4" # CVE-2020-14343 was fixed in 5.4.
+pydantic = "^1.9"
+fsspec = ">=2021.09.0,<2024.1.0" # `lexists()` was implemented in 2021.09.0. 
Upper bound set arbitrarily, to be reassessed in early 2024.
+pyparsing = "^3.0.7" # The `min` keyword argument for `delimited_list()` was 
added in 3.0.7.
+zstandard = ">=0.13.0,<1.0.0"
+pyarrow = { version = ">=7.0.0,<12.0.0", optional = true }
+pandas = { version = ">=1.0.0,<3.0.0", optional = true }
+duckdb = ">=0.5.0,<1.0.0"
+ray = { version = "^2", optional = true }
+python-snappy = { version = "^0.6", optional = true }
+thrift = { version = ">=0.13.0,<1.0.0", optional = true }
+boto3 = { version = ">=1.17.106", optional = true }
+s3fs = { version = ">=2021.08.0,<2024.1.0", optional = true } # Upper bound 
set arbitrarily, to be reassessed in early 2024.

Review Comment:
   I think this should be in line with fsspec:
   ```suggestion
   s3fs = { version = ">=2021.09.0,<2024.1.0", optional = true } # Upper bound 
set arbitrarily, to be reassessed in early 2024.
   ```



##########
python/pyproject.toml:
##########
@@ -43,25 +43,24 @@ include = [{ path = "dev", format = "sdist" }]
 
 [tool.poetry.dependencies]
 python = "^3.8"
-mmhash3 = "3.0.1"
-requests = ">=2.28.1,<=2.28.2"
-click = "8.1.3"
-rich = ">=13.0.0,<=13.3.4"
-pyyaml = ">=5.4.0,<=6.0.0"
-pydantic = "1.10.7"
-fsspec = ">=2022.8.2,<=2023.3.0"
-pyparsing = "3.0.9"
-zstandard = "0.20.0"
-pyarrow = { version = ">=8.0.0,<=11.0.0", optional = true }
-pandas = { version = ">=1.4.4,<=1.5.3", optional = true }
-duckdb = { version = ">=0.6.0,<=0.7.1", optional = true }
-ray = { version = ">=2.0.0,<=2.3.1", optional = true }
-python-snappy = { version = "0.6.1", optional = true }
-thrift = { version = "0.16.0", optional = true }
-boto3 = { version = "1.24.59", optional = true }
-# The versions of the fsspec implementations should run in sync with fsspec 
above
-s3fs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
-adlfs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
+mmhash3 = "^3"
+requests = "^2.20"
+click = ">=7.1.1,<9.0.0"
+rich = ">=10.11.0,<14.0.0"
+pyyaml = "^5.4" # CVE-2020-14343 was fixed in 5.4.
+pydantic = "^1.9"
+fsspec = ">=2021.09.0,<2024.1.0" # `lexists()` was implemented in 2021.09.0. 
Upper bound set arbitrarily, to be reassessed in early 2024.
+pyparsing = "^3.0.7" # The `min` keyword argument for `delimited_list()` was 
added in 3.0.7.
+zstandard = ">=0.13.0,<1.0.0"
+pyarrow = { version = ">=7.0.0,<12.0.0", optional = true }

Review Comment:
   ```suggestion
   pyarrow = { version = ">=9.0.0,<12.0.0", optional = true }
   ```
   I got errors with Arrow 8.0.0:
   
   
![image](https://user-images.githubusercontent.com/1134248/233992086-9a739c9e-5f2f-46fc-a8b8-42dac60a3179.png)
   



##########
python/pyproject.toml:
##########
@@ -43,25 +43,24 @@ include = [{ path = "dev", format = "sdist" }]
 
 [tool.poetry.dependencies]
 python = "^3.8"
-mmhash3 = "3.0.1"
-requests = ">=2.28.1,<=2.28.2"
-click = "8.1.3"
-rich = ">=13.0.0,<=13.3.4"
-pyyaml = ">=5.4.0,<=6.0.0"
-pydantic = "1.10.7"
-fsspec = ">=2022.8.2,<=2023.3.0"
-pyparsing = "3.0.9"
-zstandard = "0.20.0"
-pyarrow = { version = ">=8.0.0,<=11.0.0", optional = true }
-pandas = { version = ">=1.4.4,<=1.5.3", optional = true }
-duckdb = { version = ">=0.6.0,<=0.7.1", optional = true }
-ray = { version = ">=2.0.0,<=2.3.1", optional = true }
-python-snappy = { version = "0.6.1", optional = true }
-thrift = { version = "0.16.0", optional = true }
-boto3 = { version = "1.24.59", optional = true }
-# The versions of the fsspec implementations should run in sync with fsspec 
above
-s3fs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
-adlfs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
+mmhash3 = "^3"
+requests = "^2.20"
+click = ">=7.1.1,<9.0.0"
+rich = ">=10.11.0,<14.0.0"
+pyyaml = "^5.4" # CVE-2020-14343 was fixed in 5.4.
+pydantic = "^1.9"
+fsspec = ">=2021.09.0,<2024.1.0" # `lexists()` was implemented in 2021.09.0. 
Upper bound set arbitrarily, to be reassessed in early 2024.
+pyparsing = "^3.0.7" # The `min` keyword argument for `delimited_list()` was 
added in 3.0.7.
+zstandard = ">=0.13.0,<1.0.0"
+pyarrow = { version = ">=7.0.0,<12.0.0", optional = true }
+pandas = { version = ">=1.0.0,<3.0.0", optional = true }
+duckdb = ">=0.5.0,<1.0.0"
+ray = { version = "^2", optional = true }
+python-snappy = { version = "^0.6", optional = true }
+thrift = { version = ">=0.13.0,<1.0.0", optional = true }
+boto3 = { version = ">=1.17.106", optional = true }
+s3fs = { version = ">=2021.08.0,<2024.1.0", optional = true } # Upper bound 
set arbitrarily, to be reassessed in early 2024.
+adlfs = { version = ">=2021.07.0,<2024.1.0", optional = true } # Upper bound 
set arbitrarily, to be reassessed in early 2024.

Review Comment:
   I think this should be in line with fsspec:
   ```suggestion
   adlfs = { version = ">=2021.09.0,<2024.1.0", optional = true } # Upper bound 
set arbitrarily, to be reassessed in early 2024.
   ```



##########
python/pyproject.toml:
##########
@@ -91,6 +90,7 @@ s3fs = ["s3fs"]
 glue = ["boto3"]
 adlfs = ["adlfs"]
 dynamodb = ["boto3"]
+zstandard = ["zstandard"]

Review Comment:
   Nice! Great catch!



##########
python/pyproject.toml:
##########
@@ -43,25 +43,24 @@ include = [{ path = "dev", format = "sdist" }]
 
 [tool.poetry.dependencies]
 python = "^3.8"
-mmhash3 = "3.0.1"
-requests = ">=2.28.1,<=2.28.2"
-click = "8.1.3"
-rich = ">=13.0.0,<=13.3.4"
-pyyaml = ">=5.4.0,<=6.0.0"
-pydantic = "1.10.7"
-fsspec = ">=2022.8.2,<=2023.3.0"
-pyparsing = "3.0.9"
-zstandard = "0.20.0"
-pyarrow = { version = ">=8.0.0,<=11.0.0", optional = true }
-pandas = { version = ">=1.4.4,<=1.5.3", optional = true }
-duckdb = { version = ">=0.6.0,<=0.7.1", optional = true }
-ray = { version = ">=2.0.0,<=2.3.1", optional = true }
-python-snappy = { version = "0.6.1", optional = true }
-thrift = { version = "0.16.0", optional = true }
-boto3 = { version = "1.24.59", optional = true }
-# The versions of the fsspec implementations should run in sync with fsspec 
above
-s3fs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
-adlfs = { version = ">=2022.8.2,<=2023.3.0", optional = true }
+mmhash3 = "^3"
+requests = "^2.20"
+click = ">=7.1.1,<9.0.0"
+rich = ">=10.11.0,<14.0.0"
+pyyaml = "^5.4" # CVE-2020-14343 was fixed in 5.4.
+pydantic = "^1.9"
+fsspec = ">=2021.09.0,<2024.1.0" # `lexists()` was implemented in 2021.09.0. 
Upper bound set arbitrarily, to be reassessed in early 2024.
+pyparsing = "^3.0.7" # The `min` keyword argument for `delimited_list()` was 
added in 3.0.7.
+zstandard = ">=0.13.0,<1.0.0"
+pyarrow = { version = ">=7.0.0,<12.0.0", optional = true }
+pandas = { version = ">=1.0.0,<3.0.0", optional = true }
+duckdb = ">=0.5.0,<1.0.0"
+ray = { version = "^2", optional = true }
+python-snappy = { version = "^0.6", optional = true }
+thrift = { version = ">=0.13.0,<1.0.0", optional = true }
+boto3 = { version = ">=1.17.106", optional = true }

Review Comment:
   FYI. This one is hard pinned by `aiobotocore`: 
https://github.com/aio-libs/aiobotocore/blob/master/setup.py#L10



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] [iceberg] Fokko commented on a diff in pull request #7376: Python: Provide version ranges for each dependency

Reply via email to